Businesses are facing ever greater challenges in security operations. The growing number and complexity of technologies, combined with the reduction of IT professionals once dedicated to security management, have dramatically increased the potential for human error, which can lead to exposures and breaches.

Cisco Security Manager counteracts these challenges. It provides scalable, centralized management for a wide range of devices. Administrators gain visibility across the network and can share highly secure information with other essential network services, such as compliance systems and advanced analysis systems. Designed for operational efficiency, Security Manager also includes a powerful suite of automated capabilities, such as health and performance monitoring, software image management, auto-conflict detection, and integration with ticketing systems.

Several features in Security Manager make for simplified and efficient management. The following sections describe these features.

Dashboard

The manager’s dashboard (Figure 1) is a widget-based home screen that gives a bird’s-eye view of the health, functioning, and other major performance indicators of a network security setup. Several widgets, such as the Device Health Summary, Top Attackers, Top Victims, Top Signatures, and others, provide an excellent summary of priority security aspects that an administrator needs to be aware of. These widgets act as a starting point for any security readiness analysis. For example, in the Signatures widget, a user can click the number of times a specific signature has been hit, and Security Manager will take the user to the Event Viewer, where events corresponding to that signature can be analyzed. Similarly, the administrator can click an IP address on the Top Attackers widget and look at value-added information related to that IP address. So, in summary, the dashboard screen is the starting point for security administrators. Additionally, these dashboards can be personalized to suit each administrator’s needs.

Figure 1. Dashboard

Integrated Policy and Object Management

Security Manager helps enable the reuse of security rules and objects and enhances the ability to monitor threats throughout the deployment, reducing the potential for errors and improving efficiency. Administrators can implement security deployments on either an on-demand or a scheduled basis and can roll back to a previous configuration if required. Role-based access control and deployment workflows help ensure that compliance processes are followed (see Figure 2).

Figure 2. Security Policy Management

Event Management and Troubleshooting

Integrated event management helps enable the viewing of real-time and historical events for rapid incident analysis and troubleshooting and provides rapid navigation from events to source policies. In addition, administrators can quickly identify and isolate interesting events by using advanced filtering and search capabilities. Cross-linkages between the Event Manager and Configuration Manager reduce troubleshooting time for firewall rules and intrusion prevention system (IPS) signatures (see Figure 3).

Security Manager generates detailed system reports based on events and other essential information gathered throughout the security deployment (Figure 4). Table 1 lists the available system reports. In addition, administrators can define and save predefined reports to meet specific reporting needs. Whether system-generated or predefined, all reports can be exported and scheduled for email delivery as PDF or CSV files. Users can also find more detail from a specific chart to view additional information for further analysis.

Figure 4. Report Manager

Table 1. System Reports

Firewall

●Top Infected Hosts

●Top Malware Ports

●Top Malware Sites

●Top Destinations

●Top Services

●Top Sources

IPS

●Inspection/Global Correlation

●IPS Simulation Mode

●Target Analysis

●Top Attackers

●Top Blocked/Unblocked Signatures

●Top Signatures

●Top Victims

VPN

●Top Bandwidth Users (SSL/IPsec)

●Top Duration Users (SSL/IPsec)

●Top Throughput Users (SSL/IPsec)

●User Report

●VPN Device Usage Report

Health and Performance Monitoring

The integrated Health and Performance Monitor can help administrators increase their productivity by continuously analyzing the security environment and sending alerts when preset thresholds are reached. Customizable alert notifications can be set for such events as critical firewall failover, IPS sensor application failures, or excessive CPU or memory utilization.

Using a simple color-coded interface, administrators can immediately identify any devices that are in critical condition and view commonly monitored attributes (CPU or memory utilization, for example) to rapidly ascertain the general health and performance of all devices across the security deployment. Detailed charts can be used to gain additional insights regarding the health, traffic, and performance metrics of each device, as desired. Figure 5 shows the primary monitoring interface.

Figure 5. Health and Performance Monitor

These health and monitoring features are available for the new Cisco ASA clustering features as well.

Software Image Upgrades

Firewall software images can be upgraded using an intuitive wizard. The wizard leads administrators through the steps required to download the images, create the image bundle, and verify that the image is appropriate for each device. The tool then performs the backup, takes the devices down, and performs the update. The updates can be performed on each firewall individually or run in groups to improve speed and efficiency. The process is automated so it can be run overnight or during noncritical times to reduce disruption to the operating environment. Figure 6 shows the primary image management interface of the solution.

Figure 6. Software Image Upgrade Wizard

API-Based Access to the Security Manager

With the highly secure API-based access, Security Manager can share information with other essential network services, such as compliance and advanced security analysis systems, to streamline their security operations and compliance adherence. Using representational state transfer, external firewall compliance systems can directly request access to data from any security device managed by the Security Manager. These third-party client programs can also add, delete, or modify firewall-access policies and policy objects in the Security Manager through APIs. The APIs integrate transparently with the solution’s workflow, so administrators can enforce strict controls when the APIs automate the policy configuration.

Additional Features and Benefits

Table 2 summarizes the additional features and benefits of Security Manager.

Table 2. Additional Features and Benefits

Feature

Benefit

Firewall Configuration

Manages the Cisco security deployment

Facilitates the centralized management of the Cisco security environment, including:

Supports the management of multiple device platforms using a single rule table.

Efficient policy definition

Increases the efficiency with which administrators can define policies by clearly displaying which rules match a specific source, destination, and service flow, including wildcards.

Syslog forwarding

Security Manager supports forwarding logs generated by ASA firewalls to two remote collectors in addition to the in-built Event Viewer.

Simplified setup

Streamlines configuration and simplifies initial security management setup by making it possible for device information to be imported from a device repository or configuration file, added in the software, or discovered from the device itself.

Can incrementally provision new and updated signatures before deploying them to the enterprise.

Threat research

Allows administrators to configure their environment based on insights gained from Cisco Security Intelligence Operations, the Cisco Security IntelliShield® Alert Manager Service, and Cisco IPS Security Research Team recommendations before distributing the signature update.

Makes IPS signature policies and event action filters inheritable and assignable to any device: all IPS policies can be assigned to and shared with other IPS devices.

Policy rollback

Includes IPS policy rollback, a configuration archive, and cloning or creation of signatures.

Easy operations

Provides an easy means of navigation between signatures and events generated for those signatures; an intuitive user interface provides simple mechanisms for tuning and managing signatures.

Risk-rating categories

Dynamically calculates risk-rating values that can be grouped into a risk range and defined as a category. Signatures can be assigned a risk-rating category and accordingly assigned with actions that are to be taken if the signature is hit.

Global event actions

Can add multiple event actions to a risk-rating category that will apply globally to all signatures in that risk-rating range. Also, specific actions can be filtered from a signature for an event if necessary.

Signature annotations

Allows multiple users to add notes to a signature, which can later be viewed in a consolidated manner for that signature.

CSV export

Makes comma-separated value (CSV) export available for select IPS features such as signatures, event action filters, and signature delta settings, which facilitates storage and exchange of this data between Security Manager server instances.

Can tag changes made in multiple ticketing systems with a single ticket identifier, making them easily queried for audit.

Global search

Can find all devices, policies, and policy objects in the configuration database that use a particular IP address or service.

Find usage

Helps administrators quickly find usage information about objects by pointing to the exact rules that use a particular policy object, in addition to providing details about all the policies that use the object.

Auto-conflict detection

Provides a clear picture about rule conflicts to simplify rule optimization and troubleshooting.

IPv4 and IPv6 cross-compatibility

Supports configuration of unified IPv4 and IPv6 policies and rules to help speed up deployments and improve compatibility between policy configurations.

Has embedded IP intelligence into several features. Users can look at value-added information such as FQDN and location information for an IP address from several widgets in the home screen such as Top Attackers and Top Victims, in the Report Manager while analyzing a specific chart, and in the Health and Performance Monitor. IP Intelligence also exists as a separate widget in itself that can be added to a dashboard.

Cisco takes a lifecycle approach to services and, with its partners, provides a broad portfolio of security services so enterprises can design, implement, operate, and optimize network platforms that defend critical business processes against attack and disruption, protect privacy, and support policy and regulatory compliance controls.

●Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.

●Cisco Software Application Support Service keeps Security Manager up and running with around-the-clock access to technical support and software updates.

●Cisco Security Optimization Service helps organizations maintain peak network health. The network infrastructure is the foundation of an agile and adaptive business. The Security Optimization Service supports the continuously evolving security system to meet ever-changing security threats through a combination of planning and assessments, design, performance tuning, and ongoing support for system changes.

Security Manager software is eligible for technical support service coverage under the Cisco Software Application Support service agreement, which features:

●Unlimited access to the Cisco Technical Assistance Center for award-winning support. Technical assistance is provided by Cisco software application experts trained in Cisco security software applications. Support is available 24 hours a day, 7 days a week, 365 days a year, worldwide.

Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries.